1. Field of the Invention
The present invention relates to an authentication device using anatomical information and a method thereof.
2. Description of the Related Art
Recently, a variety of authentication devices using anatomical information, such as finger print information, voice print information, iris information, face information, etc., have been sold. Authentication systems using such an authentication device on a network have also been widely used. In the case of an authentication system on a network, an apparatus called an authentication server often manages registration data collectively. For example, in the case of an authentication by a finger print, finger print feature information is collected on a client side provided with a finger print input device and is transferred to an authentication server. A server side performs collation based on the finger print feature information and confirms that the user is authenticated. Then, the server side performs processes, such as access permission, etc.
The assurance of confidentiality in transferring anatomical information to an authentication server is a major problem in improving the security of these systems.
FIG. 1 shows an example of the configuration of a conventional authentication system using anatomical information.
The conventional authentication system using anatomical information comprises a terminal device 1 for obtaining the finger print information of a user to be authenticated, encrypting the information and transmitting the information to a central device via a network 3 together with time information specifying when the finger print information has been obtained, and a central device 2 for deciphering both the encrypted finger print information and time information received via the network 3 based on registered finger print information and performing the authentication of the received finger print information together with the receiving time information.
The finger print information obtaining unit 11 of the terminal device 1 obtains the finger print information of a user to be authenticated by a user pressing his/her finger print on a predetermined place. An encrypting unit 12 encrypts the obtained finger print information under a predetermined procedure. A clock unit 13 generates first real time information. A packet generation/transmitting unit 14 combines the encrypted finger print information and the first real time information into packet data and transmits the data. A modulation unit 15 modulates the packet data at a transmission speed corresponding to the network 3 and transmits the packet data to the network 3 via a line interface unit 16.
The demodulation unit 22 of the central device 2 demodulates the modulated packet data received from the network 3 via the line interface unit 21. The demodulated packet data, for example, are assembled and decrypted in a packet data receiving/assembly unit 23 if the data are divided into cells and are transmitted as in an ATM (Asynchronous Transfer Mode) network. A decrypting unit 24 decrypts the encrypted finger print information in the assembled packet data. A finger print information registering/storage unit 25 registers the finger print information of a plurality of users. A finger print information decrypting unit 26 reads registration information from the finger print information registering/storage unit 25, collates the read registration information with the received and decrypted finger print information and judges whether the received finger print information matches the registration information. A clock unit 27 generates second real time information.
If the finger print information decrypting unit 26 judges that the received finger print information matches the registration information, an authentication unit 28 compares the first real time information included in the received packet data with the second real time information, and if the time difference is not unnaturally large, the authentication unit 28 authenticates the received finger print information.
FIG. 2 shows the structure of packet data.
First, a user to be authenticated presses his/her finger on a predetermined position of the finger print information obtaining unit 11 of the terminal device 1. The finger print information obtaining unit 11 generates finger print information based on the finger print by a predetermined method and transmits the information to the encrypting unit 12. The encrypting unit 12 encrypts the received finger print information under the predetermined procedure and generates encrypted finger print information. The packet data generating/transmitting unit 14 receives time information from the clock unit 13, generates packet data 4 composed of the encrypted finger print information 41 and time information 42 as shown in FIG. 2 and transmits the packet data. As described above, according to the conventional authentication system using anatomical information, only anatomical information (finger print information) is encrypted.
The modulation unit 15 modulates the packet information at a transmission speed corresponding to the network 3 and transmits the information to the network 3 via the line interface 16. In the central device, the demodulation unit 22 demodulates the modulated packet data received from the network 3 via the line interface unit 21.
The packet data receiving/assembly unit 23 assembles the demodulated packet data (if they are divided and transmitted as ATM cells) as packet information and transmits the information to the decrypting unit 24. The decrypting unit 24 decrypts the received packet information under the predetermined procedure and obtains the original finger print information.
The finger print information decrypting unit 26 collates the received finger print information with a plurality of pieces of finger print information registered in the finger print information registering/storage unit 25, and if the received information and registered information match, the finger print information decrypting unit 26 transmits the information to the authentication unit 28. The authentication unit 28 compares actual time information announced by the clock unit 27 with the time information 42 included in the received packet data, and if it is judged that there is no unnatural time difference (the total time period obtained by totaling the respective process times of the terminal device 1 and central device 2 and the transmission time of the network 3 is judged to be a natural time), the authentication unit 28 judges that the received finger print information belongs to the user to be authenticated. As a result, the user to be authenticated is allowed access to the place related to the authentication, such as a computer center, etc., and can enter the computer center, can obtain financial information, etc.
As described above, even with the conventional method, finger print information can be prevented from being stolen, and thereby a third party can be prevented to some extent from successfully impersonating a legal user, since the finger print information of a user to be authenticated is encrypted and transmitted by the terminal device 1 and the information is checked by the central device 2 together with time information about when the finger print was read.
However, the conventional method has the disadvantage that the encrypted finger print information 41 and the time information 42 of the packet data 4 can be easily separated. A third party can therefore successfully impersonate a legal user by generating new time information, replacing the old time information with the new time information and transmitting the encrypted finger print information together with the new time information.
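
The weakness described above, modelled as an added illustration that is not part of the original specification: the central device's conventional check is run beside a variant in which the time information is bound to the encrypted finger print information by a keyed MAC. The keys, the toy cipher standing in for the "predetermined procedure", the accepted time difference and the sample finger print data are all assumptions constructed for this example.

```python
import hashlib
import hmac

ENC_KEY = b"constructed-enc-key"   # assumption: key behind the "predetermined procedure"
MAC_KEY = b"constructed-mac-key"   # assumption: separate key used only for the binding MAC
MAX_SKEW = 5                       # assumption: seconds treated as a "natural" time difference
REGISTERED = {b"constructed-minutiae-user-A"}   # constructed registration data (unit 25)

def toy_cipher(data: bytes) -> bytes:
    """Stand-in for units 12/24: XOR keystream, symmetric, not a real cipher."""
    stream = hashlib.sha256(ENC_KEY).digest()
    return bytes(b ^ stream[i % len(stream)] for i, b in enumerate(data))

def terminal_packet(fingerprint: bytes, now: int) -> dict:
    """Conventional packet data 4: encrypted finger print 41 plus plaintext time 42."""
    return {"enc_fp": toy_cipher(fingerprint), "time": now}

def central_verify(packet: dict, now: int) -> bool:
    """Conventional check: collate the decrypted print, then compare the two clocks."""
    matches = toy_cipher(packet["enc_fp"]) in REGISTERED
    return matches and abs(now - packet["time"]) <= MAX_SKEW

def binding_tag(enc_fp: bytes, t: int) -> bytes:
    """MAC over both fields, so neither can be exchanged without the key."""
    return hmac.new(MAC_KEY, enc_fp + t.to_bytes(8, "big"), hashlib.sha256).digest()

def terminal_packet_bound(fingerprint: bytes, now: int) -> dict:
    packet = terminal_packet(fingerprint, now)
    packet["mac"] = binding_tag(packet["enc_fp"], now)
    return packet

def central_verify_bound(packet: dict, now: int) -> bool:
    expected = binding_tag(packet["enc_fp"], packet["time"])
    if not hmac.compare_digest(expected, packet.get("mac", b"")):
        return False               # time 42 or finger print 41 was altered in transit
    return central_verify(packet, now)

def demo() -> dict:
    sample = b"constructed-minutiae-user-A"
    captured = terminal_packet(sample, now=1000)
    bound = terminal_packet_bound(sample, now=1000)
    later = 9000                   # long after the finger print was actually read
    return {
        "fresh": central_verify(captured, now=1002),
        "stale": central_verify(captured, now=later),
        "time_replaced": central_verify({**captured, "time": later}, now=later),
        "bound_fresh": central_verify_bound(bound, now=1002),
        "bound_time_replaced": central_verify_bound({**bound, "time": later}, now=later),
    }

if __name__ == "__main__":
    print(demo())
```

The binding only closes the time-replacement gap; a packet replayed unchanged inside the accepted time difference still passes both checks unless the central device also tracks what it has already seen.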
As described above, the conventional authentication system using anatomical information has a problem that a third party cannot be completely prevented from successfully impersonating a legal user and the security of highly confidential information cannot be ensured.